The client receives the push_data header and the header of a data_block when it tries to parse the answer of a request. The remaining buffer size to store the actual data has to remove these two headers from its available, original buffer size. The read of the data would otherwise (potentially) overflow the output buffer.
Signed-off-by: Sven Eckelmann sven@narfation.org
--- client.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/client.c b/client.c index 3670f4f..0283f57 100644 --- a/client.c +++ b/client.c @@ -38,6 +38,7 @@ int alfred_client_request_data(struct globals *globals) struct alfred_tlv *tlv; struct alfred_data *data; int ret, len, data_len, i; + const size_t buf_data_len = sizeof(buf) - sizeof(*push) + sizeof(*data);
if (unix_sock_open_client(globals, ALFRED_SOCK_PATH)) return -1; @@ -88,7 +89,7 @@ int alfred_client_request_data(struct globals *globals) data_len = ntohs(data->header.length);
/* would it fit? it should! */ - if (data_len > (int)(sizeof(buf) - sizeof(*push))) + if (data_len > (int)buf_data_len) break;
/* read the data */
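Review bot: In the first hunk (@@ -38,6 +38,7 @@), the new buf_data_len initializer adds sizeof(*data) where the commit message says both headers have to be removed from the buffer size. As written, `sizeof(buf) - sizeof(*push) + sizeof(*data)` yields a limit that is larger than the one the old check used, so the bound becomes looser instead of tighter and the overflow described in the message is still reachable. The expression should subtract both terms: `sizeof(buf) - sizeof(*push) - sizeof(*data)`. Because the result is a size_t, it would also be worth documenting (or asserting at build time) that buf is larger than the two headers combined, since an unsigned underflow here would silently produce a huge limit.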
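Review bot: In the second hunk (@@ -88,7 +89,7 @@), the check `data_len > (int)buf_data_len` narrows a size_t to int to match the signed data_len. data_len is assigned from ntohs(), so it is never negative, and the comparison would be clearer and safer done in the unsigned domain, for example `(size_t)data_len > buf_data_len`, which drops the narrowing cast and does not depend on buf_data_len fitting in an int. The existing comment "would it fit? it should!" could also say what the limit now accounts for (buffer minus push_data header minus data_block header), so the next reader does not have to rederive it.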